Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:25
Type | Values Removed | Values Added |
---|---|---|
References | () http://osvdb.org/33387 - | |
References | () http://osvdb.org/33388 - | |
References | () http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt - Exploit | |
References | () http://secunia.com/advisories/23604 - Vendor Advisory | |
References | () http://www.attrition.org/pipermail/vim/2007-June/001664.html - | |
References | () http://www.securityfocus.com/archive/1/456043/100/0/threaded - | |
References | () http://www.securityfocus.com/archive/1/471722/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/21875 - | |
References | () http://www.vupen.com/english/advisories/2007/0056 - Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/31301 - | |
References | () https://www.exploit-db.com/exploits/3083 - |
Information
Published : 2007-01-09 11:28
Updated : 2024-11-21 00:25
NVD link : CVE-2007-0134
Mitre link : CVE-2007-0134
CVE.ORG link : CVE-2007-0134
JSON object : View
Products Affected
igeneric
- ig_shop
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')